From clamav-announce-bounces@lists.clamav.net Thu Feb 1 16:17:49 2007 Return-Path: X-Original-To: list@tad.clamav.net Delivered-To: list@tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08642-05; Thu, 1 Feb 2007 16:17:49 +0100 (CET) Received: from tad.clamav.net (localhost.localdomain [127.0.0.1]) by tad.clamav.net (Postfix) with ESMTP id 7525D16C2BC; Thu, 1 Feb 2007 16:17:47 +0100 (CET) X-Original-To: clamav-announce@tad.clamav.net Delivered-To: clamav-announce@tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07424-07 for ; Thu, 1 Feb 2007 16:07:21 +0100 (CET) Received: from mosquito.nervous.bbs (localhost.localdomain [127.0.0.1]) by tad.clamav.net (Postfix) with ESMTP id 7A06B16C1A3 for ; Thu, 1 Feb 2007 16:07:20 +0100 (CET) Received: from nervous by mosquito.nervous.bbs with local (Exim 4.63) (envelope-from ) id 1HCdWy-0002Aq-Tq for clamav-announce@lists.clamav.net; Thu, 01 Feb 2007 16:07:20 +0100 Date: Thu, 1 Feb 2007 16:07:20 +0100 From: Luca Gibelli To: ClamAV Announce Message-ID: <20070201150720.GC10566@adsl.nervous.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.13 (2006-08-11) X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at clamav.net X-Mailman-Approved-At: Thu, 01 Feb 2007 16:17:46 +0100 Subject: [Clamav-announce] announcing ClamAV 0.90rc3 X-BeenThere: clamav-announce@lists.clamav.net X-Mailman-Version: 2.1.5 Precedence: list Reply-To: noreply@clamav.net List-Id: ClamAV events are announced here List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: clamav-announce-bounces@lists.clamav.net Errors-To: clamav-announce-bounces@lists.clamav.net X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at clamav.net Dear ClamAV users, The Release Candidate of the long awaited ClamAV 0.90 is ready for general testing! This version introduces lots of new interesting features and marks a big step forward in the development of our antivirus engine. The most important change is the introduction of scripted updates. Instead of transferring the whole cvd file at each update, only the differences between the latest cvds and the previous versions will be transferred. In case the local copy of the latest cvd is corrupted or the scripted update fails for some reason, freshclam will fallback to the old method. Similarly to cvd files, scripted updates are compressed and digitally signed and are already being distributed. They will dramatically reduce traffic on our mirrors and will allow us to release even more updates in the future. Another noticeable change is the new configuration syntax: you can now turn single options on and off, the old crude hack of "DisableDefaultScanOptions" is no longer required. Cosmetic changes apart, the 0.9x series introduces lots of new code, but some parts are not compiled in by default because they are not ready for production systems yet. You are encouraged to pass the --enable-experimental flag to ./configure when compiling ClamAV. If you find a bug, please take some time to report it on our bugzilla: http://bugs.clamav.net. Your help in testing the new code is really appreciated. The experimental code introduces many improvements in terms of detection rate and performances. RAR3, SIS and SFX archives support is finally available together with new unpackers and decryptors: pespin, sue, yc, wwpack32 and others. Additionally, ClamAV now includes better mechanisms for scanning ELF, PDF and tar files. The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments. As part of the Google Summer of Code program, we have introduced support for a new phishing signatures format that has proved very effective in detecting phishing emails. The ClamAV phishing module allows better and more generic detection of phishing emails by searching for URLs in email messages, and comparing the real site with the URL displayed to the user in the message. On the performance side, support for the MULTISCAN command has been implemented in clamd, allowing to scan multiple files simultaneously. Support for Sensory Networks NodalCore Acceleration (http://www.clamav.net/nodalcore/) in ClamAV is now available and will be compiled in if the ncore libraries are detected at compile time. NodalCore acceleration allows highly improved scan speeds on systems equipped with NodalCore cards. Detailed list of changes (to be finished): -) libclamav: + New unpacker for RAR3, RAR2 and RAR1 + Support for RAR-SFX, Zip-SFX and CAB-SFX archives + New PE parsing model: - Accurate virtual and raw size and offset calculations - Proper parsing of executables with weird/handcrafted/uncommon headers - Proper handling (or skipping) of ghost sections at various places in the code - Rebuild improvements for various unpackers - Adjusted alignment on rebuilt executables - Proper handling of out of sections offsets - Broken exe detection now mimics the XPSP2 loader - Lots of misc improvements and fixes + Support for PE32+ (64-bit) executables + Support for MD5 signatures based on PE sections (.mdb) + ELF file parser + Support for Sensory Networks' NodalCore hardware acceleration technology + Advanced phishing detection module (experimental) + Signatures are stored in separate trees depending on their target type + Algorithmic detection can be controlled with CL_SCAN_ALGO + Support for new obfuscators: SUE, Y0da Cryptor, CryptFF + Support for new packers: NsPack, wwpack32, MEW, Upack + Support for SIS files (SymbianOS packages) + Support for PDF and RTF files + New encoding and entity normalizer (experimental) -) clamd: + New config file parser: * all options require arguments (options without args must be now followed by boolean values: (yes, no), (1, 0), or (true, false) * optional arguments (as in NotifyClamd) are no longer supported * removed "DisableDefaultScanOptions" option (scan options can be configured individually) + TCP and local sockets can be operated simultaneously + New command: MULTISCAN (scan directory with multiple threads) + New option PhishingSignatures + New option AlgorithmicDetection + New option NodalCore + New option PhishingStrictURLCheck + New option ScanELF -) clamav-milter: + Black list mode: optionally black lists an IP for a configurable amount of time + Black hole mode: detects emails that will be discarded and refrains from scanning them + Reporting: ability to report phishing attempts to anti-phishing organisations to help close the sites + Improved load balancing for scanning with clusters + Removed -b option (enable BOUNCE compile time option to re-enable the option) -) clamscan: + New options: --no-phishing-sigs, --no-algorithmic (disable phishing and algorithmic detection respectively) + New option: --ncore + New option: --no-elf + New option: --copy -) freshclam: + Interpreter for .cdiff files (scripted updates) + Initial version of mirror manager + New option: --list-mirrors + New option HTTPUserAgent to force different User-Agent header -) sigtool: + New option: --utf16-decode (decode UTF16 encoded files) + New options: --diff, --run-cdiff, --verify-cdiff (update script management) -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce